mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
37 lines
1.3 KiB
Diff
37 lines
1.3 KiB
Diff
From 6b0b8b91f454bd021e27abe0e611a6764e4806c1 Mon Sep 17 00:00:00 2001
|
|
From: John Johansen <john.johansen@canonical.com>
|
|
Date: Wed, 16 Dec 2015 18:09:10 -0800
|
|
Subject: [PATCH 15/27] apparmor: fix refcount race when finding a child
|
|
profile
|
|
|
|
When finding a child profile via an rcu critical section, the profile
|
|
may be put and scheduled for deletion after the child is found but
|
|
before its refcount is incremented.
|
|
|
|
Protect against this by repeating the lookup if the profiles refcount
|
|
is 0 and is one its way to deletion.
|
|
|
|
Signed-off-by: John Johansen <john.johansen@canonical.com>
|
|
Acked-by: Seth Arnold <seth.arnold@canonical.com>
|
|
---
|
|
security/apparmor/policy.c | 4 +++-
|
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
|
|
index ca402d0..7807125 100644
|
|
--- a/security/apparmor/policy.c
|
|
+++ b/security/apparmor/policy.c
|
|
@@ -766,7 +766,9 @@ struct aa_profile *aa_find_child(struct aa_profile *parent, const char *name)
|
|
struct aa_profile *profile;
|
|
|
|
rcu_read_lock();
|
|
- profile = aa_get_profile(__find_child(&parent->base.profiles, name));
|
|
+ do {
|
|
+ profile = __find_child(&parent->base.profiles, name);
|
|
+ } while (profile && !aa_get_profile_not0(profile));
|
|
rcu_read_unlock();
|
|
|
|
/* refcount released by caller */
|
|
--
|
|
2.7.4
|
|
|